Passwords

Have you been SMiShed?
When we make credit or purchases at the store we always keep our card in sight and carefully hide our PIN from prying eyes; we’re savvy about emails promising us the lion’s share of a Nigerian estate settlement and those that congratulate us on winning the Irish Sweepstakes when we’ve never set foot outside of Canada or even bought a ticket.

We are always on high alert, knowing that these tactics are fraudulent. But can we truly manage to keep from falling prey to cyber predators? While emails offering outrageous windfalls can often be questioned using common sense, sometimes those from supposedly legitimate sources have shown that they can truly throw us off-guard. That’s because criminals often send fake and often well-crafted emails known as “spoof” or “phishing” emails that are designed to look like the real thing. Like trying to avoid the wrath of the Borg, we comply because we’re worried about the consequences if we don’t.

Forms of SMiShing.

Pressure builds over iTunes, App Store fraud
Make it stop... developers and consumers want more action against App Store fraud.

In a little more than an hour, Ryan Matthew Pierson racked up $US437.71 in iTunes charges for virtual currency that he could use to buy guns, nightclubs and cars in iMobster, a popular iPhone game. One problem: Pierson, a technology writer in Texas, has never played iMobster. "This was fraud," said Pierson, recalling the November incident. "I woke up, checked my email, and I could see these purchases happening in real time."

Pierson raised the issue with Apple and his bank, and the problem was eventually resolved. The complaints come from consumers like Pierson, who say their accounts have been hijacked or that some apps are falsely advertised. It's a change for Apple, which was once criticised for its micromanaging of the App Store. The App Store offers more than 600,000 applications for iPhones, iPads and iPod Touches, and has generated billions in revenue for Apple and its developers.

Passphrases only marginally more secure than passwords because of poor choices
Passwords that contain multiple words aren't as resistant as some researchers expected to certain types of cracking attacks, mainly because users frequently pick phrases that occur regularly in everyday speech, a recently published paper concludes.

Security managers have long regarded passphrases as an easy-to-remember way to pack dozens of characters into the string that must be entered to access online accounts or to unlock private encryption keys. The more characters, the thinking goes, the harder it is for attackers to guess or otherwise crack the code, since there are orders of magnitude more possible combinations. But a pair of computer scientists from Cambridge University has found that a significant percentage of passphrases used in a real-world scenario were easy to guess. The "30 bits of security" means the chances of a single guess cracking a four-word passphrase would be one in 2^30.

If you're using 'Password1,' seriously, change it now
The number one way hackers get into protected systems isn't through a fancy technical exploit.

It's by guessing the password. That's not too hard when the most common password used on business systems is "Password1."

There's a technical reason for Password1's popularity: It's got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft's widely used Active Directory identity management software. Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report," which summarizes the firm's findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Around 5% of passwords involve a variation of the word "password," the company's researchers found. Verizon came up with similar results in its 2012 Data Breach Investigations Report, one of the security industry's most comprehensive annual studies.
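
Why "Password1" slips through, shown as an added example (not code from any of the articles quoted here): a composition-only rule accepts it, while a check that also normalizes the candidate and compares it against a list of common passwords rejects it. The thresholds, the blocklist and the substitution table are assumptions made for illustration, not any product's actual policy.

```python
import string

# Assumed thresholds for a simplified composition rule (not any product's exact policy).
MIN_LENGTH = 8
MIN_CLASSES = 3

# Constructed sample blocklist; a real deployment would load a large common-password list.
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "admin"}

# Common character substitutions undone before comparing against the blocklist (assumed table).
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})


def meets_complexity(pw: str) -> bool:
    """Composition-only check: minimum length plus character-class count."""
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= MIN_LENGTH and sum(classes) >= MIN_CLASSES


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/punctuation, then undo substitutions."""
    stripped = pw.lower().rstrip(string.digits + string.punctuation)
    return stripped.translate(LEET)


def is_common_variant(pw: str) -> bool:
    """True if the normalized password contains a blocklisted word."""
    base = normalize(pw)
    return any(word in base for word in BLOCKLIST)


def accept(pw: str) -> bool:
    """Hardened check: composition rule AND not a variant of a common password."""
    return meets_complexity(pw) and not is_common_variant(pw)


if __name__ == "__main__":
    # Constructed candidates: three variants of common words and one unrelated phrase.
    for candidate in ["Password1", "P@ssw0rd!", "Welcome2012", "Maple-Kettle-92-orbit"]:
        print(f"{candidate!r}: complexity={meets_complexity(candidate)} accepted={accept(candidate)}")
```
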
Should I Change My Password?
Protect Yourself from Vishing
“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone.

These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur either on your landline phone or via your mobile phone. The term is a combination of “voice” and “phishing,” which is, of course, the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:

Wardialing: This is when a visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions.